<?php
define('IN_ECS', true);

require(dirname(__FILE__).'/includes/init.php');							//初始化文件

require_once ROOT_PATH . 'languages/' .$_CFG['lang'].'/user.php';			//加载语言文件

$user_id 	= $_SESSION['user_id'];											//用户id
$action 	= isset($_REQUEST['act']) ? trim($_REQUEST['act']) : 'default';		//获得当前的 action

$not_login_arr 	= array('login','act_login','register','act_register','act_edit_password','get_password','send_pwd_email','password',);
$ui_arr 		= array('register','login','profile','default');

if(empty($_SESSION['user_id']))												//session 中无 user_id,用户没有登陆
{
	if(!in_array($action, $not_login_arr))									//需要登陆的action
	{
		if(in_array($action, $ui_arr))		   								//需要显示界面的action
		{
			if(!empty($_SERVER['QUERY_STRING']))							//地址中有参数信息
			{
				$back_act = 'user.php?'.$_SERVER['QUERY_STRING'];			//地址中包含查询字符串
			}
			$action = 'login';												//action重设为login
		}
		else 																//不需要显示界面的action
		{
			die('非正常提交数据');
		}
	}
}

if(in_array($action, $ui_arr))												//需要显示界面的action
{
	$sql = "SELECT value FROM " . $ecs->table('shop_config') . " WHERE id = 419";	//商城参数
	$row = $db->getRow($sql);
	$car_off = $row['value'];
	$smarty->assign('car_off',$car_off);
	
	if(!empty($_CFG['points_rule']) && unserialize($_CFG['points_rule']))
	{
		$smarty->assign('show_transform_points',1);
	}
	
	$smarty->assign('data_dir',DATA_DIR);	
	$smarty->assign('action',$action);			
	$smarty->assign('lang',$_LANG);				//语言变量
}	
		
if($action == 'default')					//默认action,显示用户中心
{
	include_once ROOT_PATH . 'includes/lib_clips.php';
	
	$smarty->assign('info',		get_user_default($user_id));		//用户基本信息
	$smarty->assign('user_notice',$_CFG['user_notice']);			//用户通知
	$smarty->display('user_clips.dwt');								//用户中心欢迎页面				
	
}

if($action == 'login')						//显示用户登陆界面
{
	if(empty($back_act))
	{
		if(empty($back_act) && isset($GLOBALS['_SERVER']['HTTP_REFERER']))
		{
			$back_act = strpos($GLOBALS['_SERVER']['HTTP_REFERER'], 'user.php')?'./index.php' : $GLOBALS['_SERVER']['HTTP_REFERER'];
		}
		else 
		{
			$back_act = 'user.php';
		}
	}
	
	$captcha = intval($_CFG['captcha']);
	if(($captcha & CAPTCHA_LOGIN) && (!($captcha & CAPTCHA_LOGIN_FAIL) || (($captcha & CAPTCHA_LOGIN_FAIL) && $_SESSION['login_fail']>2)) && gd_version()>0)
	{
		$GLOBALS['smarty']->assign('enabled_captcha',1);
		$GLOBALS['smarty']->assign('rand',mt_rand());
	}
	$smarty->assign('back_act',$back_act);
	$smarty->display('user_passport.dwt');
}
elseif($action == 'act_login')				//用户提交登陆请求
{
	$username = isset($_POST['username']) ? trim($_POST['username']) : '';
	$password = isset($_POST['password']) ? trim($_POST['password']) : '';
	$back_act = isset($_POST['back_act']) ? trim($_POST['back_act']) : '';
	
	if($user->login($username,$password,isset($_POST['remember'])))
	{
		show_message('登陆成功',array('返回上一页','用户中心'),array($back_act,'user.php'),'info');		
	}
	else 
	{
		$_SESSION['login_fail']++;
	
		echo '登陆失败';
	}
}
elseif($action == 'logout')					//用户退出
{
	if(!isset($back_act) && isset($GLOBALS['_SERVER']['HTTP_REFERER']))
	{
		$back_act = strpos($GLOBALS['_SERVER']['HTTP_REFERER'], 'user.php') ? './index.php' : $GLOBALS['_SERVER']['HTTP_REFERER'];
	}
	
	$user->logout();
	$ucdata = empty($user->ucdata) ? "" : $user->ucdata;
	show_message($_LANG['logout'] . $ucdata,array($_LANG['back_up_page'],$_LANG['back_home_lnk']),array($back_act,'index.php'),'info');
}
elseif($action == 'register')				//显示用户注册页面
{
	if(!isset($back_act) && isset($GLOBALS['_SERVER']['HTTP_REFERER']))
	{
		$back_act = strpos($GLOBALS['_SERVER']['HTTP_REFERER'], 'user.php') ? './index.php' : $GLOBALS['_SERVER']['HTTP_REFERER'];
	}
	
	$sql = 'SELECT * FROM ' . $ecs->table('reg_fields') . ' WHERE type<2 AND display = 1 ORDER BY dis_order,id';
	$extend_info_list = $db->getAll($sql);
	$smarty->assign('extend_info_list',$extend_info_list);
	
	if((intval($_CFG['captcha']) & CAPTCHA_REGISTER) && gd_version()> 0)
	{
		$smarty->assign('enabled_captcha', 1);
		$smarty->assign('rand',mt_rand());
	}
	
	$smarty->assign('passwd_questions',$_LANG['passwd_questions']);
	
	$smarty->assign('shop_reg_closed',$_CFG['shop_reg_closed']);
	
	$smarty->display('user_passport.dwt');
}
elseif($action == 'act_register')			//用户提交注册请求
{
	if($_CFG['shop_reg_closed'])
	{
		$smarty->assign('action','register');
		$smarty->assign('shop_reg_closed',$_CFG['shop_reg_closed']);
		$smarty->assign('user_passport.dwt');
	}
	else 
	{
		include_once ROOT_PATH . 'includes/lib_passport.php';
		
		$username = isset($_POST['username']) ? trim($_POST['username']) : '';
		$password = isset($_POST['password']) ? trim($_POST['password']) : '';
		$email 	  = isset($_POST['email'])	  ? trim($_POST['email'])    : '';
		$other['msn'] = isset($_POST['extend_field1']) ? $_POST['extend_field1'] : '';
		$other['qq']  = isset($_POST['extend_field2']) ? $_POST['extend_field2'] : '';
		$other['office_phone'] = isset($_POST['extend_field3']) ? $_POST['extend_field3'] : '';
		$other['home_phone'] = isset($_POST['extend_field4']) ? $_POST['extend_field4'] : '';
		$other['mobile_phone'] = isset($_POST['extend_field5']) ? $_POST['extend_field5'] : '';
		$sel_question = empty($_POST['sel_question']) ? '' : $_POST['sel_question'];
		$passwd_answer = isset($_POST['passwd_answer']) ? trim($_POST['passwd_answer']) : '';

		$back_act = isset($_POST['back_act']) ? trim($_POST['back_act']) : '';
		
		if(strlen($username) < 3)								//用户名长度小于3个字符
		{
			show_message($_LANG['passport_js']['username_shorter']);
		}
		
		if(strlen($password) < 6)								//用户密码小于6个字符
		{
			show_message($_LANG['passport_js']['password_shorter']);
		}
		
		if(strpos($password, ' ') > 0)							//密码中有空格
		{
			show_message($_LANG['passwd_balnk']);
		}
		
		if((intval($_CFG['captcha']) & CAPTCHA_REGISTER) && gd_version()>0)			//打开验证码
		{
			if(empty($_POST['captcha']))				//验证码为空
			{
				show_message($_LANG['invalid_captcha'],$_LANG['sign_up'],'user.php?act=register','error');
			}
			
			include_once 'includes/cls_captcha.php';			//加载验证码类
			
			$validator = new captcha();
			if(!$validator->check_word($_POST['captcha']))		//检测验证码输入是否正确
			{
				show_message($_LANG['invalid_captcha'],$_LANG['sign_up'],'user.php?act=register','error');
			}
		}
		
		if(register($username,$password,$email,$other) !== false)	//注册通过
		{
			$sql = 'SELECT id FROM ' . $ecs->table('reg_fields') . ' WHERE type=0 AND display=1 ORDER BY dis_order,id';
			$fields_arr = $db->getAll($sql);
			
			$extend_field_str = '';
			foreach($fields_arr as $val)
			{
				$extend_field_index = 'extend_field' . $val['id'];
				if(!empty($_POST[$extend_field_index]))
				{
					$temp_field_content = strlen($_POST[$extend_field_index]) > 100 ? mb_substr($_POST[$extend_field_index], 0,99) : $_POST[$extend_field_index];
					$extend_field_str .= " ('" . $_SESSION['user_id'] . "','" . $val['id'] . "','" . $temp_field_content . "'),";
				}
			}
			$extend_field_str = substr($extend_field_str, 0,-1);
			
			if($extend_field_str)
			{
				$sql = 'INSERT INTO '. $ecs->table('reg_extend_info') . ' (user_id,reg_field_id,content) VALUES'.$extend_field_str;
				$db->query($sql);
			}
			
			if(!empty($passwd_answer) && !empty($sel_question))			
			{
				$sql = 'UPDATE ' . $ecs->table('users') . " SET passwd_question = '$sel_question',passwd_answer='$passwd_answer' WHERE user_id = '" . $_SESSION['user_id'] . "'";
				$db->query($sql);
			}
			
			$ucdata = empty($user->undata) ? "" : $user->ucdata;
			show_message(sprintf($_LANG['register_success'],$username.$ucdata),array($_LANG['back_up_page'],$_LANG['profile_lnk']),array($back_act,'user.php'),'info');
		}
		else 
		{
			$err->show($_LANG['sign_up'],'user.php?act=register');
		}
	}
}
elseif ($action == 'profile')
{
	include_once ROOT_PATH . 'includes/lib_transaction.php';
	
	$user_info = get_profile($user_id);
	
	$sql = 'SELECT * FROM ' . $ecs->table('reg_fields') . ' WHERE type < 2 AND display = 1 ORDER BY dis_order,id';
	$extend_info_list = $db->getAll($sql);
	
	$sql = 'SELECT reg_field_id,content ' . 
			'FROM ' . $ecs->table('reg_extend_info').
			" WHERE user_id = $user_id";
	
	$extend_info_arr = $db->getAll($sql);
	
	foreach($extend_info_arr AS $val)
	{
		$temp_arr[$val['reg_field_id']] = $val['content'];
	}
	
	foreach($extend_info_list AS $key => $val)
	{
		switch($val['id'])
		{
			case 1: $extend_info_list[$key]['content'] = $user_info['msn'];break;
			case 2: $extend_info_list[$key]['content'] = $user_info['qq'];break;
			case 3: $extend_info_list[$key]['content'] = $user_info['office_phone'];break;
			case 4: $extend_info_list[$key]['content'] = $user_info['home_phone'];break;
			case 5: $extend_info_list[$key]['content'] = $user_info['mobile_phone'];break;
			default:$extend_info_list[$key]['content'] = empty($temp_arr[$val['id']]) ? '' : $temp_arr[$val['id']];
		}
	}
	
	$smarty->assign('extend_info_list',$extend_info_list);
	$smarty->assign('passwd_questions',$_LANG['passwd_questions']);
	$smarty->display('user_transaction.dwt');
}



